WannaCry is an Example of Chaos That Can Ensue When Companies Aren’t Prepared

Mazen A. Dohaji, the Regional Director for Middle East, Turkey and Africa at LogRhythm.

Channel Post speaks to Mazen A. Dohaji, the Regional Director for Middle East, Turkey and Africa at LogRhythm, about the recent WannaCry ransomware attack.

Have there been any instances of WannaCry attack in the region?
Thus far, we have not come across any organisation that has been affected. We have made all of our prospects and customers aware of the list of IOCs (Indication of Compromise).

Moreover, we have communicated with them the required controls to be put in place, and different ways to prevent the infection.

What has been the scale of infection of this ransomware threat?
The world has seen the most devastating attack with more than 200,000 machines being affected, across more than 157 countries and counting. Security companies are often criticised for fear mongering and exaggerating the possible consequences of a cyber-attack.

However, this particularly aggressive strain of ransomware – which has caused system shut downs and suspension of critical services at organisations including the UK’s NHS – is a solid example of the chaos that can ensue when organisations aren’t prepared and don’t have control.

The truth is, a successful cyberattack now has the potential to be more damaging and detrimental to a business than any recession.

What is the state of ransomware threat in the region?
Over the past three years, ransomware has become one of the biggest cyber scams to hit businesses – attacks are not only proliferating, they’re becoming more sophisticated, damaging and expensive. According to reports, this particular incident is infecting companies across Europe and just goes to show how far-reaching, fast moving and damaging a successful attack can be.

Almost every organisation—large or small—is vulnerable to ransomware but we are starting to see more public outings of bigger, more high profile attacks hitting the headlines, suggesting that the worst is yet to come. Each new report should be seen as yet another reminder for organisations to take cyber security seriously, making sure that they have the tools in place to detect any and all suspicious activity as soon as it happens – and before they have the chance to become the cyber equivalent of a pandemic.

How can companies and users keep themselves safe from such ransomware attacks?
Organisations – particularly those offering critical services – are lucrative targets for cybercrime and they need to accept the fact that determined hackers will eventually get into their networks. As such, we must stop focusing solely on defence and perimeter protection – and put more effort into continuous monitoring, detection and response.

When news breaks of any major organisation being, organisations should immediately look out for and prepare themselves for the worst. For those organisations already compromised, patching, anti-virus and backups aren’t going to show them the traffic from infected machines and help them with the cleanup. Security Intelligence will.

In short, there are three simple counter-measures that every organisation should be familiar with – put the necessary controls in place, patch all Windows machines and educate employees on the risks of opening malicious attachments from unknown senders.

How do you as a security company make sure your customers are safe from such attacks?
We have sent alert emails to all our customers and prospects in the region to make them aware of the Indications of Compromise, and to implement the required rules to detect the infection well in advance. We push a mentality of continuous education across the length and breadth of the organisations we work with, right down to all employee levels. Cybercrime is a real and evolving threat that will affect us at work and at home. Our people need to know what to do proactively to prevent being attacked, and how to react when an attack is underway.

At the end of the day, this incident highlights just how important it is for organisations to have full insight into all network activity so that infected machines can be shut down as soon as they are compromised – and this is something that we educate our customers on time and time again.